Leading accounting firm KPMG recently released the 2025 KPMG Cybersecurity Survey, demonstrating the current trends in cybersecurity spending based on a poll of over 300 C-suite and senior security leaders. The survey shows nearly universal budget growth in the previous year and in upcoming plans. These trends reflect a fundamental shift in how boards and executives view cyber risk and how they respond to the threat landscape.
Why This Spending Surge Is Different
The implemented and planned changes in budgets shown in KPMG’s survey differ from budget increases in response to breaches. The overwhelming rush to invest more in cybersecurity is not merely reactive, but the result of shifting approaches to cybersecurity as attacks continue to rise. More than half (54%) of these strategic, forward-looking budget changes are significant increases of 6% to 10% in preparation for oncoming threats.
This surge in spending is indicative of a shifting approach to how security fits into business strategy, showing more organizations prioritizing defense in an era of rising and advancing threats. “The data doesn't just point to steady growth; it signals a potential boom,” according to Michael Isensee, Cybersecurity & Tech Risk Leader, KPMG LLP. “We're seeing a major market pivot where cybersecurity is now a fundamental driver of business strategy.”
AI as Both Threat and Catalyst
With the use of AI on the rise for both personal and professional use, threat actors are also increasingly turning to advanced AI tools to enhance their attacks. The growing prevalence of AI-empowered attacks is reshaping risk models and prompting a shift in security strategies. Using AI makes it easier for attackers to increase the volume of their attacks and automate significant portions of the process, which also makes it more difficult to protect against these attacks, especially with traditional security tools.
In the face of threats empowered by AI technology, more and more organizations are turning to bet heavily on AI-driven defenses. Attackers using AI can produce threats of greater volume and sophistication, creating risks at a scale that human security teams struggle to keep up with. AI-empowered security tools can help to more easily manage threat detection and response tasks, and investment in these tools is a strategic move that many organizations are prepared to make in the age of the AI explosion.
The Talent Crunch That Won’t Go Away
One of the major trends in cybersecurity that the survey bears out is a shortage of skilled professionals. The majority (53%) of the polled leaders cite the difficulty of finding qualified candidates as a high-impact challenge prompting investment in other measures. The shortage of cybersecurity talent is leading many organizations to increase employee compensation and benefits (49%), internal training (49%), and reliance on external partners including managed services (25%).
The lack of skilled human workers is also a motivator for investment in automation and AI-empowered tools. “Organizations are not eliminating people, they are reducing reliance on manual analysis in favor of automation that operates at machine speed,” says Ram Varadarajan, CEO at Acalvio, going on to add: “Teams stay lean, budgets get smarter, and machines take on the work humans were never meant to do at machine speed.”
Identity, Data, and Cloud Take Center Stage
Trends in cybersecurity investments show what organizations are prioritizing in the shifting modern threat landscape. Increased investment in certain areas provides insight on where real risk now lives. The extreme proliferation of non-human identities, cited by 60% of polled leaders, has led to many organizations (42%) increasingly prioritizing IAM in budgeting, closely following the number of organizations investing in data security and cloud security.
The importance of these critical areas of security cannot be overstated. Identity is the center of modern security, and the increasing use of AI tools and multi-cloud environments has made the identity battleground more complex and challenging. Data security and privacy, already perennial issues for defenders, are becoming more high-stakes as volumes of data increase, along with the interconnectedness of modern systems.
Managing Growth Without Waste
While an overwhelming majority of leaders cite increasing spending in the last 12 months (98%) or planning to do so in the upcoming years (99%), there are challenges to balancing investment with competing priorities and budget pressure. Security experts are forced to focus their efforts and attention on ensuring efficiency, consolidation, and smarter architecture.
Nearly half (44%) of respondents cited resource constraints in budgets, staffing, and tools as a major barrier to remediating threats. Figuring out how to work within these constraints while maintaining robust security against modern threats is a challenge for cybersecurity leaders.
From Bigger Budgets to Better Outcomes
Organizations increasing budget investment in cybersecurity strategy must make sure that their management and execution align with modern cybersecurity needs. Security leaders can translate increased investment into measurable improvements in resilience, trust, and business continuity by prioritizing tools and measures based on their organizations’ goals, resources, and abilities.
